From patchwork Wed Mar 23 07:07:33 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Remco van 't Veer X-Patchwork-Id: 38019 Return-Path: X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id 531A827BBEA; Wed, 23 Mar 2022 07:08:31 +0000 (GMT) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-3.7 required=5.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,MAILING_LIST_MULTI,RCVD_IN_MSPIKE_H5,RCVD_IN_MSPIKE_WL, SPF_HELO_PASS,URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.6 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mira.cbaines.net (Postfix) with ESMTPS id 90F3427BBE9 for ; Wed, 23 Mar 2022 07:08:27 +0000 (GMT) Received: from localhost ([::1]:59476 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1nWv6Y-0008M7-LY for patchwork@mira.cbaines.net; Wed, 23 Mar 2022 03:08:26 -0400 Received: from eggs.gnu.org ([209.51.188.92]:38812) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nWv6A-0008Ky-VH for guix-patches@gnu.org; Wed, 23 Mar 2022 03:08:04 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:48654) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1nWv6A-0001Lq-At for guix-patches@gnu.org; Wed, 23 Mar 2022 03:08:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1nWv6A-0001dM-2H for guix-patches@gnu.org; Wed, 23 Mar 2022 03:08:02 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#54352] [PATCH v3] services: dnsmasq: Add more options. References: <20220312154813.5538-1-remco@remworks.net> In-Reply-To: <20220312154813.5538-1-remco@remworks.net> Resent-From: Remco van 't Veer Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Wed, 23 Mar 2022 07:08:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 54352 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 54352@debbugs.gnu.org Cc: Remco van 't Veer Received: via spool by 54352-submit@debbugs.gnu.org id=B54352.16480192736254 (code B ref 54352); Wed, 23 Mar 2022 07:08:02 +0000 Received: (at 54352) by debbugs.gnu.org; 23 Mar 2022 07:07:53 +0000 Received: from localhost ([127.0.0.1]:42551 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nWv60-0001cm-K7 for submit@debbugs.gnu.org; Wed, 23 Mar 2022 03:07:53 -0400 Received: from out5-smtp.messagingengine.com ([66.111.4.29]:35679) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nWv5y-0001cO-PC for 54352@debbugs.gnu.org; Wed, 23 Mar 2022 03:07:51 -0400 Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailout.nyi.internal (Postfix) with ESMTP id A58595C00E6; Wed, 23 Mar 2022 03:07:44 -0400 (EDT) Received: from mailfrontend1 ([10.202.2.162]) by compute5.internal (MEProxy); Wed, 23 Mar 2022 03:07:44 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=remworks.net; h= cc:cc:content-transfer-encoding:content-type:date:date:from:from :in-reply-to:message-id:mime-version:reply-to:sender:subject :subject:to:to; s=fm3; bh=reY60N9VFg/Cn1a/LItwnVPHnI9UdKsKUZFCDv ZemEk=; b=PB+4E6YRM6XdXSJCw+/C2Zev/XBQZ/GnZMwBI1AbNPeBCaxCpuQudR 2t8a4yvPZWctB6DxBJHYs7gzOaUjYZ/dAROntRf5Wwky6VOQoPb8WH0Ie2ZpMtFI xzQRgkvY29uU83oNNk0lVXU+P6rI/iRX0ppaTpkcll1zKluepRHX5Q8XhpC7zhep 3DqaLDuv9GLtUrNAVZharHDnRyyf+1ifk3BidFgohpxcBsIDBuh3o1uey2UFBNxU OM+DU6X/S2oKsyEkidW3Czi4xFVmAypCRUafLi1xRvalOHTDxY2IlUJVrwEW0nMb PHp7WsFfD/Hgs9fMZKWVA0t8vqZlHx1w== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:date:date:from:from:in-reply-to:message-id :mime-version:reply-to:sender:subject:subject:to:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm3; bh=reY60N 9VFg/Cn1a/LItwnVPHnI9UdKsKUZFCDvZemEk=; b=Y2EnGEaYsY5Yv2gmKGVQcF A9y5Y5RGol6wn5qgzxffSQ6nPnufjLnKk41fPqyrfoJsK5IcRLJcpQMpBo82KeRH 0yj68rg3J7VHGOR0N3sH1om8Zp7grLkoBzJ9Yfxv33o0NY/5bC4gXCDrKlfLZ7VV nBVd85y6yuC9PhV0UT/d754AWSM5UCd5WpZ3uW18jRFVvAqtkgqDp+Fj/RDa5RIt vqkcUXcICpIUcQ9vXq0P3wEYGqvk+n3St7pSyr9SgejvocBSGSOdPOIeAkCe921V fJU3ACeiQv6Js1PH9zex5OuDS8HN0VazcCI7VwBeW5nMBjI1Z7rRuRE0sunzXoOg == X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvvddrudegiedguddtvdcutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh necuuegrihhlohhuthemuceftddtnecunecujfgurhephffvufffkffogggtgfesthekre dtredtjeenucfhrhhomheptfgvmhgtohcuvhgrnhcukdhtucggvggvrhcuoehrvghmtgho sehrvghmfihorhhkshdrnhgvtheqnecuggftrfgrthhtvghrnhepveefudfgfeeuleevle dttdetheejhfevvdeugfeukedthfdufeetkeeutdeghfeinecuvehluhhsthgvrhfuihii vgeptdenucfrrghrrghmpehmrghilhhfrhhomheprhifvhesfhgrshhtmhgrihhlrdgtoh hm X-ME-Proxy: Received: by mail.messagingengine.com (Postfix) with ESMTPA; Wed, 23 Mar 2022 03:07:44 -0400 (EDT) From: Remco van 't Veer Date: Wed, 23 Mar 2022 08:07:33 +0100 Message-Id: <20220323070733.5399-1-remco@remworks.net> X-Mailer: git-send-email 2.34.0 MIME-Version: 1.0 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: "Guix-patches" X-getmail-retrieved-from-mailbox: Patches * gnu/services/dns.scm (): Add forward-private-reverse-lookup?, strict-order? and cpe-id options. (dnsmasq-shepherd-service): Pass added options to dnsmasq and use match-record instead of match-lambda. * doc/guix.texi (Guix Services): Document options added to dnsmasq. --- Changes from v2 to v3: * renamed field additional-cpe-id to cpe-id * improved documentation of cpe-id * renamed field strict-order? to query-servers-in-order? doc/guix.texi | 13 +++ gnu/services/dns.scm | 183 ++++++++++++++++++++++++------------------- 2 files changed, 115 insertions(+), 81 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index 44b0f9f1ea..e8ef4286be 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -100,6 +100,7 @@ Copyright @copyright{} 2021 Josselin Poiret@* Copyright @copyright{} 2021 Andrew Tropin@* Copyright @copyright{} 2021 Sarah Morgensen@* Copyright @copyright{} 2021 Josselin Poiret@* +Copyright @copyright{} 2022 Remco van 't Veer@* Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or @@ -28945,6 +28946,14 @@ The file to read the IP address of the upstream nameservers from. @item @code{no-resolv?} (default: @code{#f}) When true, don't read @var{resolv-file}. +@item @code{forward-private-reverse-lookup?} (default: @code{#t}) +When false, all reverse lookups for private IP ranges are answered with +"no such domain" rather than being forwarded upstream. + +@item @code{query-servers-in-order?} (default: @code{#f}) +When true, dnsmasq queries the servers in the same order as they appear +in @var{servers}. + @item @code{servers} (default: @code{'()}) Specify IP address of upstream servers directly. @@ -28974,6 +28983,10 @@ disables caching. @item @code{negative-cache?} (default: @code{#t}) When false, disable negative caching. +@item @code{cpe-id} (default: @code{#f}) +If set, add a CPE (Customer-Premises Equipment) identifier to DNS +queries which are forwarded upstream. + @item @code{tftp-enable?} (default: @code{#f}) Whether to enable the built-in TFTP server. diff --git a/gnu/services/dns.scm b/gnu/services/dns.scm index 9b8603cc95..a220b33f15 100644 --- a/gnu/services/dns.scm +++ b/gnu/services/dns.scm @@ -3,6 +3,7 @@ ;;; Copyright © 2018 Oleg Pykhalov ;;; Copyright © 2020 Pierre Langlois ;;; Copyright © 2021 Maxime Devos +;;; Copyright © 2022 Remco van 't Veer ;;; ;;; This file is part of GNU Guix. ;;; @@ -745,6 +746,12 @@ (define-record-type* (default "/etc/resolv.conf")) ;string (no-resolv? dnsmasq-configuration-no-resolv? (default #f)) ;boolean + (forward-private-reverse-lookup? + dnsmasq-configuration-forward-private-reverse-lookup? + (default #t)) ;boolean + (query-servers-in-order? + dnsmasq-configuration-query-servers-in-order? + (default #f)) ;boolean (servers dnsmasq-configuration-servers (default '())) ;list of string (addresses dnsmasq-configuration-addresses @@ -752,7 +759,9 @@ (define-record-type* (cache-size dnsmasq-configuration-cache-size (default 150)) ;integer (negative-cache? dnsmasq-configuration-negative-cache? - (default #t)) ;boolean + (default #t)) ;boolean + (cpe-id dnsmasq-configuration-cpe-id + (default #t)) ;string (tftp-enable? dnsmasq-configuration-tftp-enable? (default #f)) ;boolean (tftp-no-fail? dnsmasq-configuration-tftp-no-fail? @@ -776,86 +785,98 @@ (define-record-type* (tftp-unique-root dnsmasq-tftp-unique-root (default #f))) ;"" or "ip" or "mac" -(define dnsmasq-shepherd-service - (match-lambda - (($ package - no-hosts? - port local-service? listen-addresses - resolv-file no-resolv? servers - addresses cache-size negative-cache? - tftp-enable? tftp-no-fail? - tftp-single-port? tftp-secure? - tftp-max tftp-mtu tftp-no-blocksize? - tftp-lowercase? tftp-port-range - tftp-root tftp-unique-root) - (shepherd-service - (provision '(dnsmasq)) - (requirement '(networking)) - (documentation "Run the dnsmasq DNS server.") - (start #~(make-forkexec-constructor - '(#$(file-append package "/sbin/dnsmasq") - "--keep-in-foreground" - "--pid-file=/run/dnsmasq.pid" - #$@(if no-hosts? - '("--no-hosts") - '()) - #$(format #f "--port=~a" port) - #$@(if local-service? - '("--local-service") - '()) - #$@(map (cut format #f "--listen-address=~a" <>) - listen-addresses) - #$(format #f "--resolv-file=~a" resolv-file) - #$@(if no-resolv? - '("--no-resolv") - '()) - #$@(map (cut format #f "--server=~a" <>) - servers) - #$@(map (cut format #f "--address=~a" <>) - addresses) - #$(format #f "--cache-size=~a" cache-size) - #$@(if negative-cache? - '() - '("--no-negcache")) - #$@(if tftp-enable? - '("--enable-tftp") - '()) - #$@(if tftp-no-fail? - '("--tftp-no-fail") - '()) - #$@(if tftp-single-port? - '("--tftp-single-port") - '()) - #$@(if tftp-secure? - '("--tftp-secure?") - '()) - #$@(if tftp-max - (list (format #f "--tftp-max=~a" tftp-max)) - '()) - #$@(if tftp-mtu - (list (format #f "--tftp-mtu=~a" tftp-mtu)) - '()) - #$@(if tftp-no-blocksize? - '("--tftp-no-blocksize") - '()) - #$@(if tftp-lowercase? - '("--tftp-lowercase") - '()) - #$@(if tftp-port-range - (list (format #f "--tftp-port-range=~a" - tftp-port-range)) - '()) - #$@(if tftp-root - (list (format #f "--tftp-root=~a" tftp-root)) - '()) - #$@(if tftp-unique-root - (list - (if (> (length tftp-unique-root) 0) - (format #f "--tftp-unique-root=~a" tftp-unique-root) - (format #f "--tftp-unique-root"))) - '())) - #:pid-file "/run/dnsmasq.pid")) - (stop #~(make-kill-destructor)))))) +(define (dnsmasq-shepherd-service config) + (match-record config + (package + no-hosts? + port local-service? listen-addresses + resolv-file no-resolv? + forward-private-reverse-lookup? query-servers-in-order? + servers addresses + cache-size negative-cache? + cpe-id + tftp-enable? tftp-no-fail? + tftp-single-port? tftp-secure? + tftp-max tftp-mtu tftp-no-blocksize? + tftp-lowercase? tftp-port-range + tftp-root tftp-unique-root) + (shepherd-service + (provision '(dnsmasq)) + (requirement '(networking)) + (documentation "Run the dnsmasq DNS server.") + (start #~(make-forkexec-constructor + '(#$(file-append package "/sbin/dnsmasq") + "--keep-in-foreground" + "--pid-file=/run/dnsmasq.pid" + #$@(if no-hosts? + '("--no-hosts") + '()) + #$(format #f "--port=~a" port) + #$@(if local-service? + '("--local-service") + '()) + #$@(map (cut format #f "--listen-address=~a" <>) + listen-addresses) + #$(format #f "--resolv-file=~a" resolv-file) + #$@(if no-resolv? + '("--no-resolv") + '()) + #$@(if forward-private-reverse-lookup? + '() + '("--bogus-priv")) + #$@(if query-servers-in-order? + '("--strict-order") + '()) + #$@(map (cut format #f "--server=~a" <>) + servers) + #$@(map (cut format #f "--address=~a" <>) + addresses) + #$(format #f "--cache-size=~a" cache-size) + #$@(if negative-cache? + '() + '("--no-negcache")) + #$@(if cpe-id + (list (format #f "--add-cpe-id=~a" cpe-id)) + '()) + #$@(if tftp-enable? + '("--enable-tftp") + '()) + #$@(if tftp-no-fail? + '("--tftp-no-fail") + '()) + #$@(if tftp-single-port? + '("--tftp-single-port") + '()) + #$@(if tftp-secure? + '("--tftp-secure?") + '()) + #$@(if tftp-max + (list (format #f "--tftp-max=~a" tftp-max)) + '()) + #$@(if tftp-mtu + (list (format #f "--tftp-mtu=~a" tftp-mtu)) + '()) + #$@(if tftp-no-blocksize? + '("--tftp-no-blocksize") + '()) + #$@(if tftp-lowercase? + '("--tftp-lowercase") + '()) + #$@(if tftp-port-range + (list (format #f "--tftp-port-range=~a" + tftp-port-range)) + '()) + #$@(if tftp-root + (list (format #f "--tftp-root=~a" tftp-root)) + '()) + #$@(if tftp-unique-root + (list + (if (> (length tftp-unique-root) 0) + (format #f "--tftp-unique-root=~a" tftp-unique-root) + (format #f "--tftp-unique-root"))) + '())) + #:pid-file "/run/dnsmasq.pid")) + (stop #~(make-kill-destructor))))) (define (dnsmasq-activation config) #~(begin